We load the sig and payload into session so we can tell if we came from single sign-on so we can redirect back. This means that in
our login functions (whether it be login() or some social login) we need to change it to (as an example for login):